author | forshaw@chromium.org <forshaw@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2014-08-16 08:17:13 +0000 |
---|---|---|
committer | forshaw@chromium.org <forshaw@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2014-08-16 08:18:25 +0000 |
commit | 7b48bebc27bd4e18db785b020b07242977d0ca05 (patch) | |
tree | 86d1745d29dd6f9a0d71fad7c33a188b55ccc39e /sandbox/win | |
parent | fc672e1413bd795df83aaedc81d3407a85c9b0bf (diff) | |
Replace NT prefix in sandbox rules match string to handle correct wildcard escaping
This patch adds a function to modify file system sandbox rules to replace the
\??\ NT prefix with the correct escaped form \/?/?\ for the wildcard matching
rules in the broker. This is done generally as it's a common mistake in the
sandbox code and so provides some defence in depth.
BUG=334882
Review URL: https://codereview.chromium.org/432543005
Cr-Commit-Position: refs/heads/master@{#290131}
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@290131 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'sandbox/win')
-rw-r--r-- | sandbox/win/src/file_policy_test.cc | 25 | ||||
-rw-r--r-- | sandbox/win/src/filesystem_policy.cc | 31 | ||||
-rw-r--r-- | sandbox/win/src/filesystem_policy.h | 5 |
3 files changed, 55 insertions, 6 deletions
diff --git a/sandbox/win/src/file_policy_test.cc b/sandbox/win/src/file_policy_test.cc
index adda1a5..b0d033b 100644
--- a/sandbox/win/src/file_policy_test.cc
+++ b/sandbox/win/src/file_policy_test.cc
@@ -9,6 +9,7 @@
 #include <winioctl.h>
 #include "base/win/scoped_handle.h"
+#include "sandbox/win/src/filesystem_policy.h"
 #include "sandbox/win/src/nt_internals.h"
 #include "sandbox/win/src/sandbox.h"
 #include "sandbox/win/src/sandbox_factory.h"
@@ -596,4 +597,28 @@ TEST(FilePolicyTest, DISABLED_TestReparsePoint) {
 EXPECT_TRUE(::RemoveDirectory(subfolder.c_str()));
 }
+TEST(FilePolicyTest, CheckExistingNTPrefixEscape) {
+ base::string16 name = L"\\??\\NAME";
+
+ base::string16 result = FixNTPrefixForMatch(name);
+
+ EXPECT_STREQ(result.c_str(), L"\\/?/?\\NAME");
+}
+
+TEST(FilePolicyTest, CheckEscapedNTPrefixNoEscape) {
+ base::string16 name = L"\\/?/?\\NAME";
+
+ base::string16 result = FixNTPrefixForMatch(name);
+
+ EXPECT_STREQ(result.c_str(), name.c_str());
+}
+
+TEST(FilePolicyTest, CheckMissingNTPrefixEscape) {
+ base::string16 name = L"C:\\NAME";
+
+ base::string16 result = FixNTPrefixForMatch(name);
+
+ EXPECT_STREQ(result.c_str(), L"\\/?/?\\C:\\NAME");
+}
+
 } // namespace sandbox
diff --git a/sandbox/win/src/filesystem_policy.cc b/sandbox/win/src/filesystem_policy.cc
index 331b9fb..87340a8 100644
--- a/sandbox/win/src/filesystem_policy.cc
+++ b/sandbox/win/src/filesystem_policy.cc
@@ -77,12 +77,9 @@ bool FileSystemPolicy::GenerateRules(const wchar_t* name,
 NOTREACHED();
 return false;
 }
- if (0 != mod_name.compare(0, kNTPrefixLen, kNTPrefix)) {
- // TODO(nsylvain): Find a better way to do name resolution. Right now we
- // take the name and we expand it.
- mod_name.insert(0, L"\\/?/?\\");
- name = mod_name.c_str();
- }
+
+ mod_name = FixNTPrefixForMatch(mod_name);
+ name = mod_name.c_str();
 }
 EvalResult result = ASK_BROKER;
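Review bot: The three new FixNTPrefixForMatch tests only use names at least as long as the prefix; nothing pins the result for a name shorter than `\??\` (an empty string, or `\??` without the trailing backslash), where the function depends on `compare` clamping its count. A fourth case such as `EXPECT_STREQ(L"\\/?/?\\", FixNTPrefixForMatch(base::string16()).c_str());` would document that path. The existing EXPECT_STREQ calls also pass the actual value first; if the gtest in this tree labels the first argument as the expected one, `EXPECT_STREQ(L"\\/?/?\\NAME", result.c_str());` keeps the failure output readable.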
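Review bot: The call `mod_name = FixNTPrefixForMatch(mod_name);` sits inside a conditional block that opens above this hunk, so only names that enter that block get the escaped prefix; from the visible lines it cannot be confirmed that a name skipping the block never begins with an unescaped `\??\`. A comment at the call site would make the intent explicit, for example `// Escape the NT prefix: a bare '?' is a wildcard to the rule matcher.`, and the block's condition deserves a line saying why the names it excludes need no escaping. GenerateRules starts and ends outside the hunk.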
@@ -383,4 +380,26 @@ bool PreProcessName(const base::string16& path, base::string16* new_path) {
 return !reparsed;
 }
+base::string16 FixNTPrefixForMatch(const base::string16& name) {
+ base::string16 mod_name = name;
+
+ // NT prefix escaped for rule matcher
+ const wchar_t kNTPrefixEscaped[] = L"\\/?/?\\";
+ const int kNTPrefixEscapedLen = arraysize(kNTPrefixEscaped) - 1;
+
+ if (0 != mod_name.compare(0, kNTPrefixLen, kNTPrefix)) {
+ if (0 != mod_name.compare(0, kNTPrefixEscapedLen, kNTPrefixEscaped)) {
+ // TODO(nsylvain): Find a better way to do name resolution. Right now we
+ // take the name and we expand it.
+ mod_name.insert(0, kNTPrefixEscaped);
+ }
+ } else {
+ // Start of name matches NT prefix, replace with escaped format
+ // Fixes bug: 334882
+ mod_name.replace(0, kNTPrefixLen, kNTPrefixEscaped);
+ }
+
+ return mod_name;
+}
+
 } // namespace sandbox
diff --git a/sandbox/win/src/filesystem_policy.h b/sandbox/win/src/filesystem_policy.h
index 68dffec..ce28344 100644
--- a/sandbox/win/src/filesystem_policy.h
+++ b/sandbox/win/src/filesystem_policy.h
@@ -103,6 +103,11 @@ class FileSystemPolicy {
 // the path cannot be trusted.
 bool PreProcessName(const base::string16& path, base::string16* new_path);
+// Corrects global paths to have a correctly escaped NT prefix at the
+// beginning. If the name has no NT prefix (either normal or escaped)
+// add the escaped form to the string
+base::string16 FixNTPrefixForMatch(const base::string16& name);
+
 } // namespace sandbox
 #endif // SANDBOX_SRC_FILESYSTEM_POLICY_H__ |
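Review bot: The nested `if (0 != ...) { if (0 != ...) { ... } } else { ... }` in FixNTPrefixForMatch hides the security-relevant branch behind a double negative, and neither comment says why the prefix has to be escaped. Testing for the unescaped prefix first and using `else if` for the missing-prefix case follows the order of the header comment, and the replace branch is the natural place to record that, going by the commit description, an unescaped `?` is treated as a wildcard by the broker's rule matcher. Behaviour is intended to stay the same; `kNTPrefix` and `kNTPrefixLen` are defined outside the hunk.

```cpp
  // … unchanged: mod_name copy, kNTPrefixEscaped and kNTPrefixEscapedLen …
  if (0 == mod_name.compare(0, kNTPrefixLen, kNTPrefix)) {
    // The rule matcher treats a bare '?' as a wildcard, so an unescaped
    // \??\ prefix would match more than the literal NT prefix. Swap in the
    // escaped form (bug 334882).
    mod_name.replace(0, kNTPrefixLen, kNTPrefixEscaped);
  } else if (0 != mod_name.compare(0, kNTPrefixEscapedLen,
                                   kNTPrefixEscaped)) {
    // TODO(nsylvain): Find a better way to do name resolution. Right now we
    // take the name and we expand it.
    mod_name.insert(0, kNTPrefixEscaped);
  }
  // … unchanged: return mod_name …
```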